APPROVED FOR PUBLIC RELEASE
• Faulty error handling – Qantas flight 72 un-commanded downward pitch (incorrect fault recovery)[7], Mars Polar Lander (software failed to detect spurious data)[8], Denver Airport (software assumed the luggage would not get jammed)[9], NASA Spirit Rover (too many files on drive not detected)[10]
• Faulty data definition – ESA Ariane 5 explosion (16/64-bit mismatch)[11][12], Mars Climate Orbiter (Metric/English mismatch)[13], Titan IV (wrong constant defined)[14]
• Faulty logic/sequence – Solar Heliospheric Observatory spacecraft mishap[15], AT&T Mid Atlantic outage in 1991[16], Operator’s choice of weapon release overridden by software control[17]
• Faulty state management – Incorrect missile firing from invalid setup sequence[18]
• Faulty algorithm – Flight controls fail at supersonic transition[19], Mariner 1 mishap[20]
• Faulty timing – 2003 Northeast blackout[21], Therac 25 race condition[22], Missile launch timing error[23], Apollo 11 lunar landing[24]
• Faulty endurance – PATRIOT system failure[25]
• Peak load conditions – Iowa caucus failure[26]
• Faulty usability
  • Software makes it too easy for humans to make irreversible mistakes – Panama City, Panama over-radiation[27]
  • Insufficient positive feedback of safety and mission critical events
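The "faulty data definition" mode listed above, as an added example in C that is not part of this report: a 64-bit floating-point value narrowed to a 16-bit signed integer with no range check, beside a checked conversion that reports the out-of-range condition as a fault instead of forwarding a plausible-looking wrong value. The function names, fault codes and sample readings are constructed for illustration.

```c
#include <math.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Fault codes returned to the caller (constructed for this example). */
enum conv_status { CONV_OK = 0, CONV_OUT_OF_RANGE = 1, CONV_NOT_A_NUMBER = 2 };

/* The failure mode: a 64-bit floating-point value is narrowed to a 16-bit
 * signed integer with no range check. For any value outside
 * [INT16_MIN, INT16_MAX] the result is undefined in C; whatever reaches the
 * consumer is garbage that looks like a valid reading. */
int16_t narrow_unchecked(double value)
{
    return (int16_t)value;
}

/* The check a reviewer wants: narrow only when the value is representable,
 * otherwise report a fault rather than produce a plausible wrong number.
 * Infinities fall outside the range test; NaN is rejected explicitly. */
enum conv_status narrow_checked(double value, int16_t *out)
{
    if (isnan(value)) {
        return CONV_NOT_A_NUMBER;
    }
    if (value < (double)INT16_MIN || value > (double)INT16_MAX) {
        return CONV_OUT_OF_RANGE;
    }
    *out = (int16_t)value;   /* truncation toward zero, now guaranteed in range */
    return CONV_OK;
}

int main(void)
{
    /* Constructed sample readings: an in-range value, the lower boundary,
     * and one that exceeds the 16-bit field as a larger-than-expected
     * input would. */
    const double samples[] = { 1234.5, -32768.0, 40000.0 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int16_t packed;
        enum conv_status st = narrow_checked(samples[i], &packed);
        if (st == CONV_OK) {
            printf("%10.1f -> %6d\n", samples[i], packed);
        } else {
            printf("%10.1f -> FAULT %d (value not forwarded)\n", samples[i], st);
        }
    }
    return 0;
}
```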
The SFMEA is most beneficial for functions that cannot be reversed, have a serious effect, cannot be avoided or overridden by humans, and happen instantaneously. The SFMEA is also more beneficial when conducted against the design and specifications than as a line-by-line analysis of the source code. Historically, more than 50% of all software faults originate in the specifications or design[28].
7. https://www.atsb.gov.au/publications/investigation_reports/2008/aair/ao-2008-070/
8. https://solarsystem.nasa.gov/system/internal_resources/details/original/3338_mpl_report_1.pdf
9. http://calleam.com/WTPF/wp-content/uploads/articles/DIABaggage.pdf
10. https://llis.nasa.gov/lesson/1483
11. https://www.nytimes.com/1996/12/01/magazine/little-bug-big-bang.html
12. https://www.esa.int/Newsroom/Press_Releases/Ariane_501_-_Presentation_of_Inquiry_Board_report
13. https://solarsystem.nasa.gov/missions/mars-climate-orbiter/in-depth/
14. https://www.faa.gov/regulations_policies/faa_regulations/commercial_space/media/Guide-Software-Comp-Sys-Safety-RLV-Reentry.pdf
15. https://umbra.nascom.nasa.gov/soho/SOHO_final_report.html
16. https://telephoneworld.org/landline-telephone-history/the-crash-of-the-att-network-in-1990/
17. Joint Software Systems Safety Engineering Handbook, Appendix F Lessons Learned, Section F.6.
18. Joint Software Systems Safety Engineering Handbook, Appendix F Lessons Learned, Section F.5.
19. Joint Software Systems Safety Engineering Handbook, Appendix F Lessons Learned, Section F.4.
20. https://nssdc.gsfc.nasa.gov/nmc/spacecraft/display.action?id=MARIN1
21. https://www.energy.gov/sites/prod/files/oeprod/DocumentsandMedia/BlackoutFinal-Web.pdf
22. Joint Software Systems Safety Engineering Handbook, Appendix F Lessons Learned, Section F.1.
23. Joint Software Systems Safety Engineering Handbook, Appendix F Lessons Learned, Section F.2.
24. https://history.nasa.gov/computers/Ch2-6.html
25. Joint Software Systems Safety Engineering Handbook, Section E.3.15 Endurance Issues.
26. https://www.cnbc.com/2020/02/04/iowa-caucus-app-debacle-is-one-of-the-most-stunning-it-failures-ever.html
27. https://www.fda.gov/radiation-emitting-products/alerts-and-notices/fda-statement-radiation-overexposures-panama
28. Neufelder, Ann Marie. “Cold Hard Truth About Reliable Software”, Edition 6j, 2019.